
Security Error when trying to load content from resource in a Firefox Addon (SDK)

I am creating a Firefox addon using the SDK. My goal is simple: to intercept a specific iframe and load my own HTML page (packaged as a resource with my addon) instead of the content that was requested originally.

So far I have the following code:

// Low-level XPCOM access and the add-on's own packaged data (Add-on SDK modules)
var { Cc, Ci } = require("chrome");
var self = require("sdk/self");

var httpRequestObserver =
{
    observe: function(subject, topic, data)
    {
        var httpChannel, requestURL;

        if (topic == "http-on-modify-request") {
            httpChannel = subject.QueryInterface(Ci.nsIHttpChannel);
            requestURL = httpChannel.URI.spec;

            // Only the iframe request of interest is redirected
            if (/someurl/.test(requestURL)) {
                var ioService = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);

                // Redirect the channel to the page packaged in the add-on's data directory
                httpChannel.redirectTo(ioService.newURI(self.data.url('pages/test.html'), undefined, undefined));
            }

            return;
        }
    }
};

// Register the observer for every outgoing HTTP request
var observerService = Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService);
observerService.addObserver(httpRequestObserver, "http-on-modify-request", false);

This code works in that it detects the proper iframe loading and does the redirect correctly. However, I get the following error:

Security Error: Content at http://url.com may not load or link to jar:file:///.../pages/test.html.

How can I get around this limitation?

im_nullable asked Feb 21 '14 23:02


2 Answers

Posting my trials here so it can help all:

Trial 1 failed - created chrome.manifest file with contents

content kaboom-data resources/kaboom/data/ contentaccessible=yes

var myuri = Services.io.newURI('chrome://kaboom-data/content/pages/test.html', undefined, undefined);
httpChannel.redirectTo(myuri);

Error Thrown

Security Error: Content at http://digg.com/tools/diggthis/confirm? may not load or link to jar:file:///C:/Documents%20and%20Settings/SONY%20VAIO/Application%20Data/Mozilla/Firefox/Profiles/vr10qb8s.default/extensions/[email protected]!/resources/kaboom/data/pages/test.html.

Trial 2 failed - created resource in bootstrap.js

alias.spec = file:///C:/Documents%20and%20Settings/SONY%20VAIO/Application%20Data/Mozilla/Firefox/Profiles/vr10qb8s.default/extensions/[email protected]

alias updated to spec: jar:file:///C:/Documents%20and%20Settings/SONY%20VAIO/Application%20Data/Mozilla/Firefox/Profiles/vr10qb8s.default/extensions/[email protected]!/

let resource = Services.io.getProtocolHandler("resource").QueryInterface(Ci.nsIResProtocolHandler);
let alias = Services.io.newFileURI(data.installPath);
Cu.reportError('alias.spec = ' + alias.spec);
if (!data.installPath.isDirectory()) {
  alias = Services.io.newURI("jar:" + alias.spec + "!/", null, null);
  Cu.reportError('alias updated to spec: ' + alias.spec);
}
resource.setSubstitution("kaboom_data", alias);

...

var myuri = Services.io.newURI('resource://kaboom_data/resources/kaboom/data/pages/test.html', undefined, undefined);
httpChannel.redirectTo(myuri);

Error Thrown

Security Error: Content at http://digg.com/tools/diggthis/confirm? may not load or link to jar:file:///C:/Documents%20and%20Settings/SONY%20VAIO/Application%20Data/Mozilla/Firefox/Profiles/vr10qb8s.default/extensions/[email protected]!/resources/kaboom/data/pages/test.html.

CONCLUSION: In both trials above it was the weirdest thing: it wouldn't show the resource or chrome path in the security error thrown, but it would give the full jar path, leading me to believe that this has something to do with the redirectTo function.

The solution that did work was your solution of

var gBrowser = utils.getMostRecentBrowserWindow().gBrowser;
var domWin = httpChannel.notificationCallbacks.getInterface(Ci.nsIDOMWindow);
var browser = gBrowser.getBrowserForDocument(domWin.document);

//redirect
browser.loadURI(self.data.url('pages/test.html'));

However, I changed this to use loadContext instead of this method because it is the recommended way. Also, gBrowser to getMostRecentBrowserWindow will fail if the URL load is slow and in that time the user switches to another tab or window.

I also changed to use Services.jsm as you had imported Cu anyways. Using Services.jsm is super fast, not even blink fast. It's just a pointer.

I'm still working on trying to get the redirectTo method working; it's really bothering me. The changes I made are to my local copy.

Noitidart answered Nov 11 '22 08:11


Have you considered turning your local HTML file into a data URL and loading that?

Matthew Gertner answered Nov 11 '22 07:11
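
The data URL idea from the second answer, as an added example that is not part of the original thread: it turns a page's markup into a `data:text/html` URL and decodes it again so the result can be checked. The sample markup is constructed, the function names are hypothetical, and it assumes the standard `TextEncoder`, `btoa` and `atob` globals rather than any SDK module.

```javascript
// Constructed sample markup standing in for the contents of pages/test.html.
const SAMPLE_HTML =
  '<!DOCTYPE html><meta charset="utf-8"><title>Test</title>' +
  '<p>Replaced frame: caf\u00e9 #1 & 100%</p>';

// btoa() only accepts code points 0-255, so encode the text as UTF-8 bytes
// first; otherwise any non-Latin-1 character in the page makes it throw.
function toBase64Utf8(text) {
  const bytes = new TextEncoder().encode(text);
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Build the data: URL. The base64 form is opaque but safe for any content;
// the percent-encoded form stays readable and escapes '#', '%' and '&',
// which would otherwise be read as a fragment or as broken escapes.
function htmlToDataUrl(html, { base64 = true } = {}) {
  const prefix = 'data:text/html;charset=utf-8';
  return base64
    ? prefix + ';base64,' + toBase64Utf8(html)
    : prefix + ',' + encodeURIComponent(html);
}

// Inverse of htmlToDataUrl, used to confirm the markup round-trips intact.
function dataUrlToHtml(url) {
  const m = /^data:text\/html;charset=utf-8(;base64)?,(.*)$/s.exec(url);
  if (!m) throw new Error('not a text/html data URL');
  if (!m[1]) return decodeURIComponent(m[2]);
  const bytes = Uint8Array.from(atob(m[2]), c => c.charCodeAt(0));
  return new TextDecoder('utf-8').decode(bytes);
}
```

A page loaded this way has no base URL of its own, so relative links to scripts, styles or images in the markup will not resolve. The thread does not confirm whether `redirectTo` accepts a `data:` target.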